Jadzia Pierce – Global Policy Watch
https://www.globalpolicywatch.com
Key Public Policy Developments Around the World

New Jersey District Judge Dismisses All Counts Against Smart TVs
https://www.globalpolicywatch.com/2018/10/new-jersey-district-judge-dismisses-all-counts-against-smart-tvs/
Mon, 08 Oct 2018 17:38:20 +0000

On September 26, 2018, New Jersey federal district judge Madeline Cox Arleo dismissed an eight-count class action complaint in its entirety against three smart TV makers: Samsung, LG, and Sony. The plaintiffs alleged that defendants’ smart TVs continuously monitored and tracked their viewing habits, recorded their voices, and then transmitted that information to defendants’ servers, after which the information was shared with third-party advertisers and content providers. The judge dismissed all counts:

Federal Law Claims: Plaintiffs made two federal law claims: one under the Video Privacy Protection Act (“VPPA”) and one under the Wiretap Act (which is part of the Electronic Communications Privacy Act, or “ECPA”).

VPPA: Under the VPPA, plaintiffs must allege that a Video Tape Service Provider (“VTSP”) “knowingly disclosed” “personally identifiable information” (“PII”) concerning a consumer of such provider. The statute defines “PII” as “information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider,” and the Third Circuit construes the VPPA as prohibiting “disclosures of information that would, with little or no extra effort, permit an ordinary recipient to identify a particular person’s video-watching habits.” See In re Nickelodeon Consumer Privacy Litigation (3d Cir. 2016). Plaintiffs alleged that Defendants disclosed “extensive information about plaintiffs’ and consumers’ digital identities, namely, consumers’ video-viewing history, consumers’ computer addresses, and information about other devices connected to the same Wi-Fi network.” The Court held that under In re Nickelodeon, the appropriate standard, plaintiffs failed to allege how an “ordinary recipient” of the data at issue could use it to “identify a particular person” “with little or no extra effort.”

Wiretap Act: The Wiretap Act prohibits “interceptions” of electronic communications, but also provides that it is not unlawful for a person to intercept an electronic communication where such a person is a party to that communication. As such, when plaintiffs alleged that defendants violated the Wiretap Act by intercepting electronic communications (specifically, electronic communications that the defendants’ smart TVs transmitted to plaintiffs, and communications that plaintiffs sent to defendants’ servers), defendants argued that they had not violated the Wiretap Act, among other reasons, because they were parties to the alleged communications. The court agreed with the defendants, finding that plaintiffs’ focus on whether defendants took plaintiffs’ and consumers’ “identifying information in real-time” could not overcome the fact that any communications to the smart TV manufacturers would not violate the Wiretap Act.

Other Claims

Plaintiffs also alleged four contract-based claims and two fraud-based claims:

Contract-based claims: Plaintiffs’ contract-based claims were for (1) breach of contract, (2) breach of duty of good faith and fair dealing, (3) breach of express warranty, and (4) unjust enrichment. Defendants argued that the first three claims failed because plaintiffs did not identify any actual contract or specific affirmation, promise, or guarantee made to them by the smart TV manufacturers. In addition, defendants argued that plaintiffs failed to identify a loss sustained by the plaintiffs or a benefit received by defendants, and therefore failed to state a claim for unjust enrichment. The court agreed and dismissed all four claims.

Fraud-based claims: Plaintiffs’ two fraud-based claims (unfair and deceptive tracking and transmission, and deceptive omissions) were brought under New Jersey’s Consumer Fraud Act. However, with the plaintiffs being from New York and Florida respectively, the only connection that they alleged between their claims and New Jersey was the defendant smart TV manufacturers’ allegedly “super-massive” presence in New Jersey. The Third Circuit has consistently maintained that a non-resident plaintiff cannot bring a Consumer Fraud Act claim where the sole connection to New Jersey is the defendants’ location, and the court therefore dismissed both fraud claims.

NTIA’s International Internet Policy Priorities for 2018 and Beyond
https://www.globalpolicywatch.com/2018/08/ntias-international-internet-policy-priorities-for-2018-and-beyond/
Mon, 13 Aug 2018 14:07:15 +0000

On July 20, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) published comments it received from a wide array of tech and telecom companies, trade groups, civil society, academia, and others regarding its “international Internet policy priorities for 2018 and beyond.” NTIA’s Office of International Affairs (“OIA”) had requested comments and recommendations from interested stakeholders in four broad categories: (1) free flow of information and jurisdiction; (2) the multistakeholder approach to Internet governance; (3) privacy and security; and (4) emerging technologies and trends. NTIA plans to harness the comments it received to help it identify “priority” issues, and to leverage its resources and expertise to effectively address stakeholders’ interests.

Free Flow of Information and Jurisdiction

Commentators uniformly expressed concern about limitations of cross-border flows of information, given the numerous economic and policy advantages to digital trade. Many stakeholders rejected the idea of data localization requirements, which they argued restrict the flow of data unnecessarily while particularly burdening smaller entities that do not have the resources to operate in every country in which their online services may be offered.

In addition, tech companies and civil society organizations called attention to the increased global demand for moderating online content. Such commentators pointed out that, although well-intentioned, proposals to regulate content such as hate speech and terrorist propaganda may end up having serious consequences for many forms of lawful speech.

Multistakeholder Approach to Internet Governance

Many tech companies and trade groups generally expressed support for a global, multistakeholder approach to Internet governance, particularly when that approach encourages participation in decisionmaking by users themselves and groups that own and operate the Internet infrastructure. Such commentators therefore encouraged NTIA to continue the IANA Stewardship Transition, which they say will foster such a multistakeholder approach to Internet governance.

Privacy and Cybersecurity

NTIA’s request for comments came shortly after the General Data Protection Regulation’s (“GDPR”) May 25th deadline, and as a result the GDPR was a hot topic for several stakeholders. Although civil society organizations generally did not endorse the GDPR as a gold-star model for other countries that wish to regulate the online collection, use, and sharing of personal data, many did call attention to the escalating need to address Internet users’ privacy concerns, particularly in the era of Big Data and the Internet of Things.

Industry stakeholders expressed skepticism about the viability of the GDPR in other jurisdictions, and were particularly concerned with the notion that the “right to be forgotten” may be adopted in jurisdictions beyond Europe. In lieu of GDPR becoming a baseline for international privacy protections, industry stakeholders instead proposed that NTIA encourage collaborative, multi-stakeholder processes for determining ways to protect data without stifling innovation.

With respect to cybersecurity, many tech companies found common ground with civil society groups in rejecting the idea of providing “backdoors” to encryption in order to enable government access – which several tech companies and trade associations said would unavoidably weaken encryption’s ability to effectively protect user data. Stakeholders largely advocated for strong, end-to-end encryption as a means to promote cybersecurity.

Emerging Technologies and Trends

Several commentators identified artificial intelligence (“AI”) and machine learning (“ML”) as emerging technologies that NTIA should be on the lookout for. The Internet of Things (“IoT”) was also flagged as an evolving trend, given the ever-increasing number of formerly “offline” products suddenly having a connected component. Stakeholders encouraged the promotion of responsible, ethical development of such technologies, which should include consideration of economic and human rights implications.

CBP Revises Rules for Border Searches of Electronic Devices
https://www.globalpolicywatch.com/2018/01/cbp-revises-rules-for-border-searches-of-electronic-devices/
Wed, 10 Jan 2018 20:51:28 +0000

Last week, U.S. Customs and Border Protection (“CBP”) released a revised Directive governing searches of electronic devices at the border. These are the first official revisions CBP has made to its guidelines and procedures for devices since its 2009 Directive. The new Directive is intended to reflect the evolution of technology over the intervening decade, and CBP’s corresponding need to update its investigative techniques.

Notably (and as in previous CBP Directives), the new Directive does not require officials to obtain a warrant before conducting searches of travelers’ devices—even if the traveler being searched is an American—based on CBP’s position that searches and seizures at the border are exempt from the Fourth Amendment’s “probable cause” requirement. CBP nevertheless acknowledges that its searches must still meet the Fourth Amendment’s “reasonableness” requirement, which the self-imposed restrictions contained in the Directive are meant to achieve.

Key Changes

“Reasonable Suspicion” for Forensic Searches: The new policy distinguishes between “basic” searches and “advanced” searches. “Basic” searches involve simply reviewing the device and the information contained on it, much as an ordinary user does when he or she scrolls through information on their phone or tablet. As in the 2009 Directive, border officials are permitted to conduct such searches without any particularized suspicion.

“Advanced” searches, on the other hand, involve connecting external equipment to the device in order to not only gain access to it, but also to review, copy, and analyze its contents. Under the new Directive, these more “forensic” searches now require supervisory approval and either a national security concern or reasonable suspicion of activity in violation of laws enforced or administered by CBP.

Protection of Information Stored in the Cloud: The new Directive continues the policy initiated by CBP in April 2017 that prohibited officials from intentionally accessing information stored remotely. In addition, the Directive specifies that in order to avoid accessing such cloud data, officials must request that the traveler disable connectivity to any network (for example, by placing the device in airplane mode). When warranted by national security, officials can disable the device’s network connectivity themselves.

Additional Procedures for Privileged Information: Although the 2009 Directive contained some limitations on reviewing information protected under the attorney-client privilege, the new Directive contains additional procedures that officials must follow if they encounter such data. Officials must now ask the traveler to clarify (ideally in writing) which specific files, file types, folders, or categories of information on their device may be privileged. Such privileged information must then be segregated by a designated “Filter Team” comprised of legal and operational representatives in order to ensure the information is handled appropriately.

Bypassing of Passcodes and Encryption Mechanisms: The new Directive explicitly requires travelers to “present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents.” In that vein, officials may request a traveler’s assistance in unlocking their device and its applications, and may detain the device for a certain period of time if they are unable to complete their inspection because the device is passcode or encryption-protected. Moreover, the Directive specifically states that it does not limit CBP’s ability to use external equipment or “take other reasonable measures” to make the device and its contents legible, which may mean that officials are permitted to manually bypass passcode or encryption mechanisms themselves.

Obtaining Technical Assistance from Non-Government Entities: Like the 2009 Directive, the new Directive permits officials, with supervisory approval, to seek technical assistance for rendering a device or the information contained on it in a condition that allows for inspection. No individualized suspicion is required. However, whereas the 2009 Directive limited the provision of such technical assistance to other “federal agencies,” the new Directive removes this limitation. As a result, entities (such as the device’s manufacturer or an application developer) may be asked to help CBP unlock a device or its contents.

What’s Next

CBP’s searches of electronic devices have increased by nearly 60 percent since FY 2016, and they likely will continue to increase in the years to come as the use of electronic devices (and the amount of data stored on them) proliferates.

Although many have welcomed CBP’s additional, self-imposed restrictions contained in the new Directive, others believe the Directive does not go far enough. As a result, members of Congress may continue to propose legislation that would place additional limitations on CBP’s ability to search electronic devices (particularly when the device belongs to a U.S. person), such as the Protecting Data at the Border Act introduced last year by Senator Ron Wyden (D-OR) and co-sponsored by Senator Rand Paul (R-KY).

With or without legislative action, the Directive requires that its guidelines and procedures be reviewed at least every three years. As a result, the debate over what rules of the road should govern electronic device searches will occur much more frequently than it has in the past.